here is another method that may be less complicated to implement.
On each of the pages, create a recordset that queries the client table and filters it on the the client ID passed in the query string and the user ID session variable
you will create this recordset on the detail, update and delete pages.
Then add the server redirect behavior to the page and set the trigger to If Recordset is empty.
This way if they change the url parameter to one that does not belong to the loged in user, they will b redirected.
to filter on a querystring, enter the following for the run time variable:
$_GET['ClientID']